I thank you for contributing your efforts to securing our messages, and would like to discuss the level of trust you expect from users.

As you know, trust is very expensive when it comes to security and privacy, so a claim of storing private keys locally on device has to be challenged. The best challenge is to review the code. But... there's a problem here. Your product is obscured and not open sourced for independent review; how would you convince users that the private key is not stored on your servers? After all, the public key has to be uploaded, so there's no way of knowing what was uploaded by just looking at the traffic since it's using TLS.

Secondly, the process of encryption states that there's a throwaway key that is used to encrypt the message itself. The question here is who generates that key? Is it generated by your servers or locally by the user's device?

Thank you for your interest in Cyphr. We have a passion for security here at Golden Frog, and it sounds like it’s an interest you share.

Trust is a very important thing when operating in the realm of privacy and security, and it is a regular conversation for us internally. Trust is a key element of VyprVPN as well as Cyphr. That said, we are not likely to open source our code base for the purpose of review; it’s not who we are or how we operate. I also personally challenge this sense that open source is safer and is the only way to have a secure communication system. There is clear and recent evidence that just because something is open source does not make it any safer – Heartbleed (OpenSSL), Shellshock (bash), and POODLE (SSL 3.0 Protocol), among others, have proven this point in recent times. Further, just because an application is open sourced doesn't mean that the version distributed through an app store doesn't have hooks and back doors added to it. In short, open source is more of a red herring than it is an answer to security.

What we are doing is evaluating options of having 3rd party independent reviews to help improve and validate the security model of Cyphr. The desire would be to improve Cyphr in the area of detected weakness and to provide information to our customers as to the security in-play. This will take us some time to accomplish as we are focused on many different efforts currently.

You asked a different question in the subject of the post – and the answer is that the private key is really stored only on the device. In an upcoming release we will allow you to opt-in to multi-device mode which will then prompt you to encrypt your private key and at that point it will be uploaded to the server. You can then obtain access to the private key to access Cyphr from alternative devices. This is completely opt-in, and the private key is encrypted on the server. We have discussed other ideas for key transfer between devices not including the server, and we are likely to provide other capabilities in the future. Though we've internally discussed many ideas, I’m open to hearing your ideas.

As for the question of where the ephemeral keys are generated, the only correct and secure answer is that they are generated on the devices. If they were to be generated on the server then the server would have the ability to decrypt the data, and that would very seriously violate our zero knowledge goal with Cyphr. I’m interested in any insight you have which may have provoked asking this question.

Well I wouldn't just call it an interest in my case. It certainly is, yet it's more than that by being a survival need where I live unfortunately. And when I say "survival" I mean actual "life", not just cyber privacy.

But really I'm not an expert, nor am I even a developer. I'm someone who needs to know security to protect myself and some others close to me.

I asked those questions just to be sure, not to undermine your efforts in any way. I have the deepest respect for people who work in this field, such as yourselves.

As far as my inexperienced input on the multi-device feature, I'm not particularly interested in this feature and I suggest you think very deeply about implementing it as securely as possible; not just technically, but from a social standpoint as well. I would actually be worried if it was implemented as I can't particularly verify that the person I'm talking with isn't compromised himself. I may be technically inclined not to get compromised easily (in theory), but I understand that who I'm talking with isn't as techy, for example, as the other party in the conversation.

With that said, I hope to see a way of sharing the key over LAN network or some other way that doesn't involve sharing it over the Internet whatsoever, even though I understand it's encrypted. The problem I see is that we can't fully understand the capabilities of those interested in mass surveillance or even those who might abuse the legal system to get what they want from your servers (getting the key is the first step in breaking that user's security).

There's also the aspect of user error. If it's encrypted by the user's own secret key, this brings all risks associated with putting that info at the hand of the user; from social engineering attacks to even simple brute forcing of weak passwords after requesting the key from the server. So I'm all for decreasing the attack surface as much as possible.